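/**
 * Upload an attachment to the server and record it in the database.
 *
 * The file is moved to the path returned by decideFilePath() as
 * "<crmid>_<sanitised name>", a vtiger_crmentity row of setype
 * "<module> Image" (Contacts/Products) or "<module> Attachment" is created,
 * the file metadata is stored in vtiger_attachments and the attachment is
 * linked to $id through vtiger_seattachmentsrel. Image uploads are validated
 * with validateImageFile() before anything is moved or written.
 *
 * @param int    $id             entity id to which the file is attached
 * @param string $module         the current module name
 * @param array  $file_details   file information (name, type, size, tmp_name and error);
 *                               an optional 'original_name' key overrides 'name'
 * @param string $attachmentType 'Image' forces image validation; defaults to 'Attachment'
 * @return bool true when the file was stored and all rows were written, false otherwise
 */
 function uploadAndSaveFile($id, $module, $file_details, $attachmentType = 'Attachment')
 {
     global $log, $adb, $current_user, $upload_badext;
     // $file_details is an array; log the file name rather than the array itself
     $logName = isset($file_details['name']) ? $file_details['name'] : '';
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$logName}) method.");
     $date_var = date("Y-m-d H:i:s");
     // owner defaults to the current user when the record has no assigned user
     $ownerid = isset($this->column_fields['assigned_user_id']) ? $this->column_fields['assigned_user_id'] : '';
     if ($ownerid == '') {
         $ownerid = $current_user->id;
     }
     if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
         $file_name = $file_details['original_name'];
     } else {
         $file_name = $file_details['name'];
     }
     // Only real images are accepted when the caller asks for an Image attachment
     // (Contacts and Products send that) or when the uploaded content itself
     // reports an image mime type. The check runs before the move so a rejected
     // file never reaches the attachment directory.
     $mimeType = mime_content_type($file_details['tmp_name']);
     $mimeTypeContents = explode('/', $mimeType);
     $looksLikeImage = !empty($file_details['size']) && $mimeTypeContents[0] == 'image';
     if (($attachmentType == 'Image' || $looksLikeImage) && validateImageFile($file_details) == 'false') {
         return false;
     }
     $binFile = sanitizeUploadFileName($file_name, $upload_badext);
     $current_id = $adb->getUniqueID("vtiger_crmentity");
     // basename() behind a leading space, then ltrim: project workaround so UTF-8 file names survive basename()
     $filename = ltrim(basename(" " . $binFile));
     $filetype = $file_details['type'];
     $upload_file_path = decideFilePath();
     // the unique crm id prefix keeps two uploads with the same name apart on disk
     $upload_status = move_uploaded_file($file_details['tmp_name'], $upload_file_path . $current_id . "_" . $binFile);
     // SalesPlatform.ru removed the former per-module image check at this point; the mime-type check above covers it
     if (!$upload_status) {
         // nothing was stored on disk, so do not create rows that would point at a missing file
         $log->debug("Skip the save attachment process.");
         return false;
     }
     // Contacts/Products store the file as the record image, everything else as a plain attachment
     $setype = ($module == 'Contacts' || $module == 'Products') ? $module . " Image" : $module . " Attachment";
     $description = isset($this->column_fields['description']) ? $this->column_fields['description'] : null;
     $createdTime = $adb->formatDate($date_var, true);
     $adb->pquery(
         "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)",
         array($current_id, $current_user->id, $ownerid, $setype, $description, $createdTime, $createdTime)
     );
     $adb->pquery(
         "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?, ?, ?, ?, ?)",
         array($current_id, $filename, $description, $filetype, $upload_file_path)
     );
     // in edit mode drop the link to the attachment being replaced (fileid comes from the request)
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit' && $id != '' && isset($_REQUEST['fileid'])) {
         $oldFileId = vtlib_purify($_REQUEST['fileid']);
         if ($oldFileId != '') {
             $adb->pquery('delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?', array($id, $oldFileId));
         }
     }
     // Documents keep a single attachment per record
     if ($module == 'Documents') {
         $adb->pquery("delete from vtiger_seattachmentsrel where crmid = ?", array($id));
     }
     // Contacts keep a single image: remove the previous one (link and crmentity row) before linking the new file
     if ($module == 'Contacts') {
         $att_sql = "select vtiger_seattachmentsrel.attachmentsid  from vtiger_seattachmentsrel inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid where vtiger_crmentity.setype='Contacts Image' and vtiger_seattachmentsrel.crmid=?";
         $res = $adb->pquery($att_sql, array($id));
         $attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
         if ($attachmentsid != '') {
             $adb->pquery('delete from vtiger_seattachmentsrel where crmid=? and attachmentsid=?', array($id, $attachmentsid));
             $adb->pquery("delete from vtiger_crmentity where crmid=?", array($attachmentsid));
         }
     }
     $adb->pquery('insert into vtiger_seattachmentsrel values(?,?)', array($id, $current_id));
     return true;
 }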
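 /**
  * Upload the file to the server and add the file details in the attachments table.
  *
  * Used for the Users module: the file is validated as an image, moved to the
  * path given by decideFilePath($module), recorded in vtiger_crmentity and
  * vtiger_attachments, linked to the user through vtiger_salesmanattachmentsrel
  * (replacing any previous link) and stored as the user's imagename.
  *
  * @param string $id user id
  * @param string $module module name
  * @param array $file_details file details array (name, type, size, tmp_name and error)
  * @return void nothing is written when validation or move_uploaded_file() fails
  */
 function uploadAndSaveFile($id, $module, $file_details)
 {
     $log = vglobal('log');
     // $file_details is an array; log the file name rather than the array itself
     $logName = isset($file_details['name']) ? $file_details['name'] : '';
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$logName}) method.");
     $current_user = vglobal('current_user');
     global $upload_badext;
     $date_var = date('Y-m-d H:i:s');
     // owner defaults to the current user when the record has no assigned user
     $ownerid = isset($this->column_fields['assigned_user_id']) ? $this->column_fields['assigned_user_id'] : '';
     if ($ownerid == '') {
         $ownerid = $current_user->id;
     }
     // only images are allowed for the Users module
     if ($module == 'Users' && validateImageFile($file_details) == 'false') {
         return;
     }
     $binFile = sanitizeUploadFileName($file_details['name'], $upload_badext);
     // basename() behind a leading space, then ltrim: project workaround so UTF-8 file names survive basename()
     $filename = ltrim(basename(" " . $binFile));
     $filetype = $file_details['type'];
     $current_id = $this->db->getUniqueID("vtiger_crmentity");
     $upload_file_path = decideFilePath($module);
     // the unique crm id prefix keeps two uploads with the same name apart on disk
     $upload_status = move_uploaded_file($file_details['tmp_name'], $upload_file_path . $current_id . "_" . $binFile);
     if (!$upload_status) {
         // nothing was stored on disk, so do not create rows that would point at a missing file
         $log->debug("Skip the save attachment process.");
     } else {
         $description = isset($this->column_fields['description']) ? $this->column_fields['description'] : null;
         $createdTime = $this->db->formatDate($date_var, true);
         $this->db->pquery(
             "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?,?,?,?,?,?,?)",
             array($current_id, $current_user->id, $ownerid, $module . " Attachment", $description, $createdTime, $createdTime)
         );
         $this->db->pquery(
             "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?,?,?,?,?)",
             array($current_id, $filename, $description, $filetype, $upload_file_path)
         );
         // a user holds a single attachment: drop the previous link before adding the new one
         if ($id != '') {
             $this->db->pquery('delete from vtiger_salesmanattachmentsrel where smid = ?', array($id));
         }
         $this->db->pquery('insert into vtiger_salesmanattachmentsrel values(?,?)', array($id, $current_id));
         // the image name is also kept on the users table
         $this->db->pquery("update vtiger_users set imagename=? where id=?", array($filename, $id));
     }
     $log->debug("Exiting from uploadAndSaveFile({$id},{$module},{$logName}) method.");
     return;
 }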
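 /**
  * Upload the attachment to the server and save its information in the database (ec_* schema).
  *
  * The uploaded name gets a ".txt" suffix when its extension is listed in
  * $upload_badext, the file is stored under decideFilePath() as
  * "<crmid>_<encoded name>", and rows are written to ec_crmentity,
  * ec_attachments and ec_seattachmentsrel. Notes and Documents additionally
  * get the file name written to their own table. Contacts and Products only
  * accept images, which is checked before anything touches disk or database.
  *
  * @param int    $id           entity id to which the file is attached
  * @param string $module       the current module name
  * @param array  $file_details file information (name, type, size, tmp_name and error)
  * @return bool true when the file was stored and recorded, false otherwise
  */
 function uploadAndSaveFile($id, $module, $file_details)
 {
     global $log, $current_user, $upload_badext;
     // $file_details is an array; log the file name rather than the array itself
     $logName = isset($file_details['name']) ? $file_details['name'] : '';
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$logName}) method.");
     $date_var = date('Y-m-d H:i:s');
     // owner defaults to the current user when the record has no assigned user
     $ownerid = isset($this->column_fields['assigned_user_id']) ? $this->column_fields['assigned_user_id'] : '';
     if ($ownerid == '') {
         $ownerid = $current_user->id;
     }
     // Arbitrary File Upload Vulnerability fix - Philip
     // The extension is compared case-insensitively and strictly, so ".PHP" is
     // neutralised like ".php"; names without an extension compare as ''.
     $binFile = $file_details['name'];
     $ext = strtolower(pathinfo($binFile, PATHINFO_EXTENSION));
     $badExtensions = array_map('strtolower', (array) $upload_badext);
     if (in_array($ext, $badExtensions, true)) {
         $binFile .= ".txt";
     }
     // Vulnerability fix ends
     // only images are allowed for these modules; reject before the file is moved
     if (($module == 'Contacts' || $module == 'Products') && validateImageFile($file_details) != 'true') {
         $log->debug("Skip the save attachment process.");
         return false;
     }
     $current_id = $this->db->getUniqueID("ec_crmentity");
     $filename = explode_basename($binFile);
     $filetype = $file_details['type'];
     $filetmp_name = $file_details['tmp_name'];
     $upload_file_path = decideFilePath();
     // only a genuine PHP upload is moved; anything else leaves $upload_status false
     $upload_status = false;
     if (is_uploaded_file($filetmp_name)) {
         $encode_file = base64_encode_filename($binFile);
         $upload_status = move_uploaded_file($filetmp_name, $upload_file_path . $current_id . "_" . $encode_file);
     }
     if (!$upload_status) {
         // nothing was stored on disk, so do not create rows that would point at a missing file
         $log->debug("Skip the save attachment process.");
         return false;
     }
     // ids are cast to int before being built into SQL so request-supplied values cannot alter the statements
     $entityId = (int) $id;
     $attachmentId = (int) $current_id;
     // NOTE(review): $filename (derived from the uploaded file name), $description, $filetype and the
     // other string values below are still interpolated into SQL; move these statements to the
     // database layer's prepared-statement or escaping API rather than trusting them as-is.
     // the attached file name is also kept on the Notes / Documents record itself
     if ($module == 'Notes') {
         $this->db->query("update ec_notes set filename='" . $filename . "' where notesid = " . $entityId);
     } elseif ($module == 'Documents') {
         $this->db->query("update ec_documents set filename='" . $filename . "' where documentsid = " . $entityId);
     }
     $description = isset($this->column_fields['description']) ? $this->column_fields['description'] : "";
     $this->db->query("insert into ec_crmentity (crmid,setype) values(" . $attachmentId . ",'" . $module . " Attachment')");
     $sql = "insert into ec_attachments(attachmentsid,name,description,type,setype,path,smcreatorid,createdtime) values(";
     $sql .= $attachmentId . ",'" . $filename . "','" . $description . "','" . $filetype . "','" . $module . "','" . $upload_file_path . "','" . $ownerid . "','" . $date_var . "')";
     $this->db->query($sql);
     // in edit mode drop the link to the attachment being replaced (fileid comes from the request)
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit' && $id != '' && isset($_REQUEST['fileid']) && $_REQUEST['fileid'] != '') {
         $oldFileId = (int) $_REQUEST['fileid'];
         $this->db->query('delete from ec_seattachmentsrel where crmid = ' . $entityId . ' and attachmentsid = ' . $oldFileId);
     }
     // Notes and Documents keep a single attachment per record
     if ($module == 'Notes' || $module == 'Documents') {
         $this->db->query("delete from ec_seattachmentsrel where crmid = " . $entityId);
     }
     $this->db->query('insert into ec_seattachmentsrel values(' . $entityId . ',' . $attachmentId . ')');
     return true;
 }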
    // Allow certain file formats
    $imageFileType = $check["mime"];
    if ($imageFileType != "image/jpg" && $imageFileType != "image/png" && $imageFileType != "image/jpeg" && $imageFileType != "image/gif") {
        sendResponse('UNSUPPORTED_IMAGE_FORMAT', 'error');
        $isValid = false;
        return $isValid;
    }
    return $isValid;
}
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    include "RIPTattoos.html";
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $uploadStatus = false;
        if (validateFormFields()) {
            $uploadStatus = validateImageFile();
        }
        if ($uploadStatus) {
            //Generate unique timestamp based image name
            $t = time();
            $target_file = $target_dir . join("_", array($t, basename($_FILES["picToUpload"]["name"])));
            // Check if file already exists
            if (file_exists($target_file)) {
                $uploadStatus = false;
                sendResponse('EXISTING_FILE_OVERRIDE_ALERT', 'error');
            } else {
                // if everything is ok, try to upload file
                if (move_uploaded_file($_FILES["picToUpload"]["tmp_name"], $target_file)) {
                    $number = formatFormData($_POST["number"]);
                    $email = formatFormData($_POST["email"]);
                    $mailStatus = sendMail($number, $email, $target_file);
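 /**
  * Upload an attachment to the server and record it in the database.
  *
  * The file is moved to decideFilePath($module) as "<crmid>_<sanitised name>",
  * a vtiger_crmentity row of setype "<module> Image" (Contacts/Products) or
  * "<module> Attachment" is inserted together with a vtiger_attachments row,
  * and the attachment is linked to $id through vtiger_seattachmentsrel.
  * Images are validated with validateImageFile() before the file is moved.
  *
  * @param int    $id             entity id to which the file is attached
  * @param string $module         the current module name
  * @param array  $file_details   file information (name, type, size, tmp_name and error);
  *                               an optional 'original_name' key overrides 'name'
  * @param string $attachmentType 'Image' forces image validation (Contacts and Products send it)
  * @return bool true when the file was stored and all rows were written, false otherwise
  */
 function uploadAndSaveFile($id, $module, $file_details, $attachmentType = 'Attachment')
 {
     $log = LoggerManager::getInstance();
     // $file_details is an array; log the file name rather than the array itself
     $logName = isset($file_details['name']) ? $file_details['name'] : '';
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$logName}) method.");
     $adb = PearDatabase::getInstance();
     $current_user = vglobal('current_user');
     $date_var = date("Y-m-d H:i:s");
     // owner defaults to the current user when the record has no assigned user
     $ownerid = isset($this->column_fields['assigned_user_id']) ? $this->column_fields['assigned_user_id'] : '';
     if ($ownerid == '') {
         $ownerid = $current_user->id;
     }
     if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
         $file_name = $file_details['original_name'];
     } else {
         $file_name = $file_details['name'];
     }
     // Image validation applies when the caller asks for an Image attachment, when the
     // uploaded content reports an image mime type, or for the modules that only accept
     // images. It runs once, before the move, so a rejected file never reaches the
     // attachment directory.
     $isImageModule = ($module == 'Contacts' || $module == 'Products');
     $mimeType = Vtiger_Functions::getMimeContentType($file_details['tmp_name']);
     $mimeTypeContents = explode('/', $mimeType);
     $looksLikeImage = !empty($file_details['size']) && $mimeTypeContents[0] == 'image';
     if (($attachmentType == 'Image' || $looksLikeImage || $isImageModule) && validateImageFile($file_details) != 'true') {
         return false;
     }
     $binFile = sanitizeUploadFileName($file_name, AppConfig::main('upload_badext'));
     $current_id = $adb->getUniqueID('vtiger_crmentity');
     // basename() behind a leading space, then ltrim: project workaround so UTF-8 file names survive basename()
     $filename = ltrim(basename(' ' . $binFile));
     $filetype = $file_details['type'];
     $upload_file_path = decideFilePath($module);
     // the unique crm id prefix keeps two uploads with the same name apart on disk
     $upload_status = move_uploaded_file($file_details['tmp_name'], $upload_file_path . $current_id . '_' . $binFile);
     if (!$upload_status) {
         // nothing was stored on disk, so do not create rows that would point at a missing file
         $log->debug("Skip the save attachment process.");
         return false;
     }
     $description = isset($this->column_fields['description']) ? $this->column_fields['description'] : null;
     $createdTime = $adb->formatDate($date_var, true);
     $adb->insert('vtiger_crmentity', [
         'crmid' => $current_id,
         'smcreatorid' => $current_user->id,
         'smownerid' => $ownerid,
         // Contacts/Products store the file as the record image, everything else as a plain attachment
         'setype' => $isImageModule ? $module . " Image" : $module . " Attachment",
         'description' => $description,
         'createdtime' => $createdTime,
         'modifiedtime' => $createdTime,
     ]);
     $adb->insert('vtiger_attachments', [
         'attachmentsid' => $current_id,
         'name' => $filename,
         'description' => $description,
         'type' => $filetype,
         'path' => $upload_file_path,
     ]);
     // in edit mode drop the link to the attachment being replaced (fileid comes from the request)
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit' && $id != '' && isset($_REQUEST['fileid'])) {
         $oldFileId = vtlib_purify($_REQUEST['fileid']);
         if ($oldFileId != '') {
             $adb->delete('vtiger_seattachmentsrel', 'crmid = ? AND attachmentsid = ?', [$id, $oldFileId]);
         }
     }
     // Documents keep a single attachment per record
     if ($module == 'Documents') {
         $adb->delete('vtiger_seattachmentsrel', 'crmid = ?', [$id]);
     }
     // Contacts keep a single image: remove the previous one (link and crmentity row) before linking the new file
     if ($module == 'Contacts') {
         $att_sql = "select vtiger_seattachmentsrel.attachmentsid  from vtiger_seattachmentsrel inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid where vtiger_crmentity.setype='Contacts Image' and vtiger_seattachmentsrel.crmid=?";
         $res = $adb->pquery($att_sql, [$id]);
         $attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
         if ($attachmentsid != '') {
             $adb->delete('vtiger_seattachmentsrel', 'crmid = ? AND attachmentsid = ?', [$id, $attachmentsid]);
             $adb->delete('vtiger_crmentity', 'crmid = ?', [$attachmentsid]);
         }
     }
     $adb->insert('vtiger_seattachmentsrel', ['crmid' => $id, 'attachmentsid' => $current_id]);
     return true;
 }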